Mercurial > dropbear
annotate svr-runopts.c @ 1715:3974f087d9c0
Disallow leading lines before the ident for server (#102)
Per RFC4253 4.2 clients must be able to process other lines of data
before the version string, server behavior is not defined neither
with MUST/SHOULD nor with MAY.
If server process up to 50 lines too - it may cause too long hanging
session with invalid/evil client that consume host resources and
potentially may lead to DDoS on poor embedded boxes.
Let's require first line from client to be version string and fail
early if it's not - matches both RFC and real OpenSSH behavior.
author | Vladislav Grishenko <themiron@users.noreply.github.com> |
---|---|
date | Mon, 15 Jun 2020 18:22:18 +0500 |
parents | 435cfb9ec96e |
children | 5120e22882de |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 #include "includes.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 #include "runopts.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #include "signkey.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "buffer.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "dbutil.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "algo.h" |
795 | 31 #include "ecdsa.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 |
1534
ed930fd6f60f
Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents:
1499
diff
changeset
|
33 #include <grp.h> |
ed930fd6f60f
Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents:
1499
diff
changeset
|
34 |
24 | 35 svr_runopts svr_opts; /* GLOBAL */ |
36 | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 static void printhelp(const char * progname); |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
38 static void addportandaddress(const char* spec); |
795 | 39 static void loadhostkey(const char *keyfile, int fatal_duplicate); |
40 static void addhostkey(const char *keyfile); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 static void printhelp(const char * progname) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 |
716 | 44 fprintf(stderr, "Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 "Usage: %s [options]\n" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 "-b bannerfile Display the contents of bannerfile" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 " before user login\n" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 " (default: none)\n" |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
49 "-r keyfile Specify hostkeys (repeatable)\n" |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
50 " defaults: \n" |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
51 #if DROPBEAR_DSS |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
52 " - dss %s\n" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
54 #if DROPBEAR_RSA |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
55 " - rsa %s\n" |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
56 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
57 #if DROPBEAR_ECDSA |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
58 " - ecdsa %s\n" |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
59 #endif |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
60 #if DROPBEAR_ED25519 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
61 " - ed25519 %s\n" |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
62 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
63 #if DROPBEAR_DELAY_HOSTKEY |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
64 "-R Create hostkeys as required\n" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 "-F Don't fork into background\n" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 #ifdef DISABLE_SYSLOG |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 "(Syslog support not compiled in, using stderr)\n" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 #else |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 "-E Log to stderr rather than syslog\n" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 #endif |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1445
diff
changeset
|
72 #if DO_MOTD |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 "-m Don't display the motd on login\n" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 "-w Disallow root logins\n" |
1551
1acbdf64088e
add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents:
1538
diff
changeset
|
76 #ifdef HAVE_GETGROUPLIST |
1537
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
77 "-G Restrict logins to members of specified group\n" |
1551
1acbdf64088e
add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents:
1538
diff
changeset
|
78 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
79 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 "-s Disable password logins\n" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 "-g Disable password logins for root\n" |
692
c58a15983808
Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents:
671
diff
changeset
|
82 "-B Allow blank password logins\n" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 #endif |
1445
a3a96dbf9a58
Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents:
1442
diff
changeset
|
84 "-T Maximum authentication tries (default %d)\n" |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
85 #if DROPBEAR_SVR_LOCALTCPFWD |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 "-j Disable local port forwarding\n" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
88 #if DROPBEAR_SVR_REMOTETCPFWD |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 "-k Disable remote port forwarding\n" |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
90 "-a Allow connections to forwarded ports from any host\n" |
1289
a23386821e9f
Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents:
1210
diff
changeset
|
91 "-c command Force executed command\n" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 #endif |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
93 "-p [address:]port\n" |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
94 " Listen on specified tcp port (and optionally address),\n" |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
95 " up to %d can be specified\n" |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
96 " (default port is %s if none specified)\n" |
323
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
97 "-P PidFile Create pid file PidFile\n" |
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
98 " (default %s)\n" |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1445
diff
changeset
|
99 #if INETD_MODE |
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
100 "-i Start for inetd\n" |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
101 #endif |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
102 "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" |
622
e27d7fb23376
Mention that the value is in seconds
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
103 "-K <keepalive> (0 is never, default %d, in seconds)\n" |
e27d7fb23376
Mention that the value is in seconds
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
104 "-I <idle_timeout> (0 is never, default %d, in seconds)\n" |
1654 | 105 #if DROPBEAR_PLUGIN |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
106 "-A <authplugin>[,<options>]\n" |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
107 " Enable external public key auth through <authplugin>\n" |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
108 #endif |
946 | 109 "-V Version\n" |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
110 #if DEBUG_TRACE |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
492
diff
changeset
|
111 "-v verbose (compiled with DEBUG_TRACE)\n" |
94
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
91
diff
changeset
|
112 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 ,DROPBEAR_VERSION, progname, |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
114 #if DROPBEAR_DSS |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 DSS_PRIV_FILENAME, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
117 #if DROPBEAR_RSA |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 RSA_PRIV_FILENAME, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
120 #if DROPBEAR_ECDSA |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
121 ECDSA_PRIV_FILENAME, |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
122 #endif |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
123 #if DROPBEAR_ED25519 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
124 ED25519_PRIV_FILENAME, |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
125 #endif |
1445
a3a96dbf9a58
Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents:
1442
diff
changeset
|
126 MAX_AUTH_TRIES, |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
127 DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, DROPBEAR_PIDFILE, |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
128 DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 |
24 | 131 void svr_getopts(int argc, char ** argv) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 |
1164 | 133 unsigned int i, j; |
1404
e8f67918fdc9
when pointer, use NULL instead of 0
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
134 char ** next = NULL; |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
135 int nextisport = 0; |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
136 char* recv_window_arg = NULL; |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
137 char* keepalive_arg = NULL; |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
138 char* idle_timeout_arg = NULL; |
1442
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
139 char* maxauthtries_arg = NULL; |
795 | 140 char* keyfile = NULL; |
1164 | 141 char c; |
1654 | 142 #if DROPBEAR_PLUGIN |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
143 char* pubkey_plugin = NULL; |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
144 #endif |
795 | 145 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 /* see printhelp() for options */ |
24 | 148 svr_opts.bannerfile = NULL; |
149 svr_opts.banner = NULL; | |
1289
a23386821e9f
Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents:
1210
diff
changeset
|
150 svr_opts.forced_command = NULL; |
24 | 151 svr_opts.forkbg = 1; |
152 svr_opts.norootlogin = 0; | |
1551
1acbdf64088e
add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents:
1538
diff
changeset
|
153 #ifdef HAVE_GETGROUPLIST |
1537
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
154 svr_opts.restrict_group = NULL; |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
155 svr_opts.restrict_group_gid = 0; |
1551
1acbdf64088e
add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents:
1538
diff
changeset
|
156 #endif |
24 | 157 svr_opts.noauthpass = 0; |
158 svr_opts.norootpass = 0; | |
692
c58a15983808
Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents:
671
diff
changeset
|
159 svr_opts.allowblankpass = 0; |
1445
a3a96dbf9a58
Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents:
1442
diff
changeset
|
160 svr_opts.maxauthtries = MAX_AUTH_TRIES; |
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
161 svr_opts.inetdmode = 0; |
101
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
162 svr_opts.portcount = 0; |
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
163 svr_opts.hostkey = NULL; |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
164 svr_opts.delay_hostkey = 0; |
323
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
165 svr_opts.pidfile = DROPBEAR_PIDFILE; |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
166 #if DROPBEAR_SVR_LOCALTCPFWD |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
167 svr_opts.nolocaltcp = 0; |
271
be18c7dd486e
Fix up #ifdefs for tcp forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
168 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
169 #if DROPBEAR_SVR_REMOTETCPFWD |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
170 svr_opts.noremotetcp = 0; |
271
be18c7dd486e
Fix up #ifdefs for tcp forwarding
Matt Johnston <matt@ucc.asn.au>
parents:
258
diff
changeset
|
171 #endif |
1654 | 172 #if DROPBEAR_PLUGIN |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
173 svr_opts.pubkey_plugin = NULL; |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
174 svr_opts.pubkey_plugin_options = NULL; |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
175 #endif |
996
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
976
diff
changeset
|
176 |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
177 #ifndef DISABLE_ZLIB |
996
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
976
diff
changeset
|
178 opts.compress_mode = DROPBEAR_COMPRESS_DELAYED; |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
976
diff
changeset
|
179 #endif |
47643024fc90
Disable non-delayed zlib for server
Matt Johnston <matt@ucc.asn.au>
parents:
976
diff
changeset
|
180 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
181 /* not yet |
33 | 182 opts.ipv4 = 1; |
183 opts.ipv6 = 1; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 */ |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1445
diff
changeset
|
185 #if DO_MOTD |
24 | 186 svr_opts.domotd = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 #ifndef DISABLE_SYSLOG |
1210
64a50eac1030
Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1197
diff
changeset
|
189 opts.usingsyslog = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 #endif |
449
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
191 opts.recv_window = DEFAULT_RECV_WINDOW; |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
192 opts.keepalive_secs = DEFAULT_KEEPALIVE; |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
193 opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT; |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
194 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
195 #if DROPBEAR_SVR_REMOTETCPFWD |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
196 opts.listen_fwd_all = 0; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
197 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 for (i = 1; i < (unsigned int)argc; i++) { |
1164 | 200 if (argv[i][0] != '-' || argv[i][1] == '\0') |
201 dropbear_exit("Invalid argument: %s", argv[i]); | |
795 | 202 |
1164 | 203 for (j = 1; (c = argv[i][j]) != '\0' && !next && !nextisport; j++) { |
1153
67d8a904f5a9
don't silently ignore extra flag arguments
Matt Johnston <matt@ucc.asn.au>
parents:
996
diff
changeset
|
204 switch (c) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 case 'b': |
24 | 206 next = &svr_opts.bannerfile; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 break; |
1289
a23386821e9f
Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents:
1210
diff
changeset
|
208 case 'c': |
a23386821e9f
Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents:
1210
diff
changeset
|
209 next = &svr_opts.forced_command; |
a23386821e9f
Add -c <command> option to force a specific command
Jeremy Kerr <jk@ozlabs.org>
parents:
1210
diff
changeset
|
210 break; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 case 'd': |
795 | 212 case 'r': |
213 next = &keyfile; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 break; |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
215 case 'R': |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
216 svr_opts.delay_hostkey = 1; |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
217 break; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 case 'F': |
24 | 219 svr_opts.forkbg = 0; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 #ifndef DISABLE_SYSLOG |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 case 'E': |
1210
64a50eac1030
Moved usingsyslog from svr_runopts to runopts.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1197
diff
changeset
|
223 opts.usingsyslog = 0; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
224 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
226 #if DROPBEAR_SVR_LOCALTCPFWD |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
227 case 'j': |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
228 svr_opts.nolocaltcp = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
231 #if DROPBEAR_SVR_REMOTETCPFWD |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 case 'k': |
258
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
233 svr_opts.noremotetcp = 1; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
234 break; |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
235 case 'a': |
306499676384
* add -g (dbclient) and -a (dropbear) options for allowing non-local
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
236 opts.listen_fwd_all = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 #endif |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1445
diff
changeset
|
239 #if INETD_MODE |
71
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
240 case 'i': |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
241 svr_opts.inetdmode = 1; |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
242 break; |
ac96bc733e71
adding inetd mode back from 0.43
Matt Johnston <matt@ucc.asn.au>
parents:
68
diff
changeset
|
243 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 case 'p': |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
245 nextisport = 1; |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
246 break; |
323
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
247 case 'P': |
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
248 next = &svr_opts.pidfile; |
3bfbe95f9a14
Add -P pidfile patch from Swen Schillig
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
249 break; |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1445
diff
changeset
|
250 #if DO_MOTD |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
251 /* motd is displayed by default, -m turns it off */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
252 case 'm': |
24 | 253 svr_opts.domotd = 0; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
254 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
255 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
256 case 'w': |
24 | 257 svr_opts.norootlogin = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
258 break; |
1551
1acbdf64088e
add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents:
1538
diff
changeset
|
259 #ifdef HAVE_GETGROUPLIST |
1537
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
260 case 'G': |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
261 next = &svr_opts.restrict_group; |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
262 break; |
1551
1acbdf64088e
add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents:
1538
diff
changeset
|
263 #endif |
449
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
264 case 'W': |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
265 next = &recv_window_arg; |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
266 break; |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
267 case 'K': |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
268 next = &keepalive_arg; |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
269 break; |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
270 case 'I': |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
271 next = &idle_timeout_arg; |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
272 break; |
1442
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
273 case 'T': |
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
274 next = &maxauthtries_arg; |
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
275 break; |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
276 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
277 case 's': |
24 | 278 svr_opts.noauthpass = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
279 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
280 case 'g': |
24 | 281 svr_opts.norootpass = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
282 break; |
692
c58a15983808
Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents:
671
diff
changeset
|
283 case 'B': |
c58a15983808
Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents:
671
diff
changeset
|
284 svr_opts.allowblankpass = 1; |
c58a15983808
Allow configuring "allow blank password option" at runtime
Paul Eggleton <paul.eggleton@linux.intel.com>
parents:
671
diff
changeset
|
285 break; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
286 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
287 case 'h': |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
288 printhelp(argv[0]); |
946 | 289 exit(EXIT_SUCCESS); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
290 break; |
442
d82a2a44c684
Add -u option to specify /dev/urandom instead
Matt Johnston <matt@ucc.asn.au>
parents:
435
diff
changeset
|
291 case 'u': |
446
2cd2edfa11ee
Just use /dev/urandom since that's what everyone ends up using anyway.
Matt Johnston <matt@ucc.asn.au>
parents:
442
diff
changeset
|
292 /* backwards compatibility with old urandom option */ |
442
d82a2a44c684
Add -u option to specify /dev/urandom instead
Matt Johnston <matt@ucc.asn.au>
parents:
435
diff
changeset
|
293 break; |
1654 | 294 #if DROPBEAR_PLUGIN |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
295 case 'A': |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
296 next = &pubkey_plugin; |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
297 break; |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
298 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
299 #if DEBUG_TRACE |
94
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
91
diff
changeset
|
300 case 'v': |
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
91
diff
changeset
|
301 debug_trace = 1; |
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
91
diff
changeset
|
302 break; |
c85c88500ea6
DEBUG_TRACE now only triggers with -v on the cmdline
Matt Johnston <matt@ucc.asn.au>
parents:
91
diff
changeset
|
303 #endif |
946 | 304 case 'V': |
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
946
diff
changeset
|
305 print_version(); |
946 | 306 exit(EXIT_SUCCESS); |
307 break; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
308 default: |
1164 | 309 fprintf(stderr, "Invalid option -%c\n", c); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
310 printhelp(argv[0]); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
311 exit(EXIT_FAILURE); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
312 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
313 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
314 } |
1164 | 315 |
316 if (!next && !nextisport) | |
317 continue; | |
318 | |
319 if (c == '\0') { | |
320 i++; | |
321 j = 0; | |
322 if (!argv[i]) { | |
323 dropbear_exit("Missing argument"); | |
324 } | |
325 } | |
326 | |
327 if (nextisport) { | |
328 addportandaddress(&argv[i][j]); | |
329 nextisport = 0; | |
330 } else if (next) { | |
331 *next = &argv[i][j]; | |
332 if (*next == NULL) { | |
333 dropbear_exit("Invalid null argument"); | |
334 } | |
1404
e8f67918fdc9
when pointer, use NULL instead of 0
Francois Perrad <francois.perrad@gadz.org>
parents:
1295
diff
changeset
|
335 next = NULL; |
1164 | 336 |
337 if (keyfile) { | |
338 addhostkey(keyfile); | |
339 keyfile = NULL; | |
340 } | |
341 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
342 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
343 |
101
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
344 /* Set up listening ports */ |
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
345 if (svr_opts.portcount == 0) { |
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
346 svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT); |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
347 svr_opts.addresses[0] = m_strdup(DROPBEAR_DEFADDRESS); |
101
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
348 svr_opts.portcount = 1; |
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
349 } |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
350 |
24 | 351 if (svr_opts.bannerfile) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
352 struct stat buf; |
24 | 353 if (stat(svr_opts.bannerfile, &buf) != 0) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
354 dropbear_exit("Error opening banner file '%s'", |
24 | 355 svr_opts.bannerfile); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
356 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
357 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
358 if (buf.st_size > MAX_BANNER_SIZE) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
359 dropbear_exit("Banner file too large, max is %d bytes", |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
360 MAX_BANNER_SIZE); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
361 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
362 |
24 | 363 svr_opts.banner = buf_new(buf.st_size); |
364 if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) { | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
365 dropbear_exit("Error reading banner file '%s'", |
24 | 366 svr_opts.bannerfile); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
367 } |
24 | 368 buf_setpos(svr_opts.banner, 0); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
369 } |
1534
ed930fd6f60f
Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents:
1499
diff
changeset
|
370 |
1551
1acbdf64088e
add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents:
1538
diff
changeset
|
371 #ifdef HAVE_GETGROUPLIST |
1537
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
372 if (svr_opts.restrict_group) { |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
373 struct group *restrictedgroup = getgrnam(svr_opts.restrict_group); |
1534
ed930fd6f60f
Added the -G option to allow logins only for users that are members of a certain group. This allows finer control of an instance on who can and cannot login over a certain instance (e.g. password and not key). Needs double-checking and ensuring it meets platform requirements.
stellarpower <stellarpower@googlemail.com>
parents:
1499
diff
changeset
|
374 |
1537
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
375 if (restrictedgroup){ |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
376 svr_opts.restrict_group_gid = restrictedgroup->gr_gid; |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
377 } else { |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
378 dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group); |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
379 } |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1535
diff
changeset
|
380 } |
1551
1acbdf64088e
add guard HAVE_GETGROUPLIST
Matt Johnston <matt@ucc.asn.au>
parents:
1538
diff
changeset
|
381 #endif |
449
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
382 |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
383 if (recv_window_arg) { |
449
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
384 opts.recv_window = atol(recv_window_arg); |
492
b956d6151600
Replace calls to strtoul() with a helper m_str_to_uint()
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
385 if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { |
449
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
386 dropbear_exit("Bad recv window '%s'", recv_window_arg); |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
387 } |
3e6c536bc023
Add -W <windowsize> argument and document it.
Matt Johnston <matt@ucc.asn.au>
parents:
446
diff
changeset
|
388 } |
1442
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
389 |
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
390 if (maxauthtries_arg) { |
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
391 unsigned int val = 0; |
1445
a3a96dbf9a58
Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents:
1442
diff
changeset
|
392 if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE |
a3a96dbf9a58
Use MAX_AUTH_TRIES rather than DEFAULT_AUTH_TRIES, don't limit argument range
Matt Johnston <matt@ucc.asn.au>
parents:
1442
diff
changeset
|
393 || val == 0) { |
1442
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
394 dropbear_exit("Bad maxauthtries '%s'", maxauthtries_arg); |
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
395 } |
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
396 svr_opts.maxauthtries = val; |
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
397 } |
517c67cbcd31
dropbear server: support -T max auth tries
Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
parents:
1404
diff
changeset
|
398 |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
399 |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
400 if (keepalive_arg) { |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
401 unsigned int val; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
402 if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) { |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
403 dropbear_exit("Bad keepalive '%s'", keepalive_arg); |
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
404 } |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
405 opts.keepalive_secs = val; |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
449
diff
changeset
|
406 } |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
407 |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
408 if (idle_timeout_arg) { |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
409 unsigned int val; |
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
410 if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) { |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
411 dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg); |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
412 } |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
413 opts.idle_timeout_secs = val; |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
414 } |
1290
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1289
diff
changeset
|
415 |
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1289
diff
changeset
|
416 if (svr_opts.forced_command) { |
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1289
diff
changeset
|
417 dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command); |
ee2ffa044c7e
Add manpage and log for forced_command
Matt Johnston <matt@ucc.asn.au>
parents:
1289
diff
changeset
|
418 } |
1654 | 419 #if DROPBEAR_PLUGIN |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
420 if (pubkey_plugin) { |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
421 char *args = strchr(pubkey_plugin, ','); |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
422 if (args) { |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
423 *args='\0'; |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
424 ++args; |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
425 } |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
426 svr_opts.pubkey_plugin = pubkey_plugin; |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
427 svr_opts.pubkey_plugin_options = args; |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
428 } |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1603
diff
changeset
|
429 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
430 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
431 |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
432 static void addportandaddress(const char* spec) { |
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
433 char *spec_copy = NULL, *myspec = NULL, *port = NULL, *address = NULL; |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
434 |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
435 if (svr_opts.portcount < DROPBEAR_MAX_PORTS) { |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
436 |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
437 /* We don't free it, it becomes part of the runopt state */ |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
438 spec_copy = m_strdup(spec); |
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
439 myspec = spec_copy; |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
440 |
706
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
441 if (myspec[0] == '[') { |
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
442 myspec++; |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
443 port = strchr(myspec, ']'); |
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
444 if (!port) { |
706
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
445 /* Unmatched [ -> exit */ |
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
446 dropbear_exit("Bad listen address"); |
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
447 } |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
448 port[0] = '\0'; |
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
449 port++; |
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
450 if (port[0] != ':') { |
706
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
451 /* Missing port -> exit */ |
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
452 dropbear_exit("Missing port"); |
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
453 } |
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
454 } else { |
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
455 /* search for ':', that separates address and port */ |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
456 port = strrchr(myspec, ':'); |
706
002cf09827c0
Allow specifying server "-p" options with ipv6 bracket notation,
Matt Johnston <matt@ucc.asn.au>
parents:
692
diff
changeset
|
457 } |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
458 |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
459 if (!port) { |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
460 /* no ':' -> the whole string specifies just a port */ |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
461 port = myspec; |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
462 } else { |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
463 /* Split the address/port */ |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
464 port[0] = '\0'; |
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
465 port++; |
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
466 address = myspec; |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
467 } |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
468 |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
469 if (!address) { |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
470 /* no address given -> fill in the default address */ |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
471 address = DROPBEAR_DEFADDRESS; |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
472 } |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
473 |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
474 if (port[0] == '\0') { |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
475 /* empty port -> exit */ |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
476 dropbear_exit("Bad port"); |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
477 } |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
478 svr_opts.ports[svr_opts.portcount] = m_strdup(port); |
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
479 svr_opts.addresses[svr_opts.portcount] = m_strdup(address); |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
480 svr_opts.portcount++; |
1197
86a9e0204c03
ports and addresses must be malloced to avoid segfault on exit
Matt Johnston <matt@ucc.asn.au>
parents:
1177
diff
changeset
|
481 m_free(spec_copy); |
434
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
482 } |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
483 } |
0aaaf68e97dc
Add -p [address:]port option for binding to addresses, patch from
Matt Johnston <matt@ucc.asn.au>
parents:
271
diff
changeset
|
484 |
795 | 485 static void disablekey(int type) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
486 int i; |
802 | 487 TRACE(("Disabling key type %d", type)) |
1678
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
488 for (i = 0; sigalgs[i].name != NULL; i++) { |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
489 if (sigalgs[i].val == type) { |
4b4cfc92c5b7
Make server send SSH_MSG_EXT_INFO
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
490 sigalgs[i].usable = 0; |
47 | 491 break; |
492 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
493 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
494 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
495 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
496 static void loadhostkey_helper(const char *name, void** src, void** dst, int fatal_duplicate) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
497 if (*dst) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
498 if (fatal_duplicate) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
499 dropbear_exit("Only one %s key can be specified", name); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
500 } |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
501 } else { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
502 *dst = *src; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
503 *src = NULL; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
504 } |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
505 |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
506 } |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
507 |
101
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
508 /* Must be called after syslog/etc is working */ |
795 | 509 static void loadhostkey(const char *keyfile, int fatal_duplicate) { |
510 sign_key * read_key = new_sign_key(); | |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
511 enum signkey_type type = DROPBEAR_SIGNKEY_ANY; |
795 | 512 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { |
976
964d41e3aeb2
Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled
Steven Honeyman <stevenhoneyman@gmail.com>
parents:
948
diff
changeset
|
513 if (!svr_opts.delay_hostkey) { |
964d41e3aeb2
Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled
Steven Honeyman <stevenhoneyman@gmail.com>
parents:
948
diff
changeset
|
514 dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); |
964d41e3aeb2
Don't print "Failed loading hostkey" when -R delayed hostkey option is enabled
Steven Honeyman <stevenhoneyman@gmail.com>
parents:
948
diff
changeset
|
515 } |
795 | 516 } |
517 | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
518 #if DROPBEAR_RSA |
795 | 519 if (type == DROPBEAR_SIGNKEY_RSA) { |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
520 loadhostkey_helper("RSA", (void**)&read_key->rsakey, (void**)&svr_opts.hostkey->rsakey, fatal_duplicate); |
795 | 521 } |
522 #endif | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
523 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
524 #if DROPBEAR_DSS |
795 | 525 if (type == DROPBEAR_SIGNKEY_DSS) { |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
526 loadhostkey_helper("DSS", (void**)&read_key->dsskey, (void**)&svr_opts.hostkey->dsskey, fatal_duplicate); |
795 | 527 } |
528 #endif | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
529 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
530 #if DROPBEAR_ECDSA |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
531 #if DROPBEAR_ECC_256 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
532 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256) { |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
533 loadhostkey_helper("ECDSA256", (void**)&read_key->ecckey256, (void**)&svr_opts.hostkey->ecckey256, fatal_duplicate); |
795 | 534 } |
535 #endif | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
536 #if DROPBEAR_ECC_384 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
537 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP384) { |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
538 loadhostkey_helper("ECDSA384", (void**)&read_key->ecckey384, (void**)&svr_opts.hostkey->ecckey384, fatal_duplicate); |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
539 } |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
540 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
541 #if DROPBEAR_ECC_521 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
542 if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) { |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
543 loadhostkey_helper("ECDSA521", (void**)&read_key->ecckey521, (void**)&svr_opts.hostkey->ecckey521, fatal_duplicate); |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
544 } |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
802
diff
changeset
|
545 #endif |
857 | 546 #endif /* DROPBEAR_ECDSA */ |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
547 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
548 #if DROPBEAR_ED25519 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
549 if (type == DROPBEAR_SIGNKEY_ED25519) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
550 loadhostkey_helper("ed25519", (void**)&read_key->ed25519key, (void**)&svr_opts.hostkey->ed25519key, fatal_duplicate); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
551 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
552 #endif |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
553 |
795 | 554 sign_key_free(read_key); |
555 TRACE(("leave loadhostkey")) | |
556 } | |
557 | |
558 static void addhostkey(const char *keyfile) { | |
559 if (svr_opts.num_hostkey_files >= MAX_HOSTKEYS) { | |
560 dropbear_exit("Too many hostkeys"); | |
561 } | |
562 svr_opts.hostkey_files[svr_opts.num_hostkey_files] = m_strdup(keyfile); | |
563 svr_opts.num_hostkey_files++; | |
564 } | |
565 | |
1347
b28624698130
copy over some fuzzing code from AFL branch
Matt Johnston <matt@ucc.asn.au>
parents:
1210
diff
changeset
|
566 |
795 | 567 void load_all_hostkeys() { |
568 int i; | |
873
17b15683648d
Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
569 int any_keys = 0; |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1678
diff
changeset
|
570 #if DROPBEAR_ECDSA |
1603
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
571 int loaded_any_ecdsa = 0; |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
572 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
573 |
101
72dc22f56858
Change the way we load keys/ports so we don't print error messages into our
Matt Johnston <matt@ucc.asn.au>
parents:
94
diff
changeset
|
574 svr_opts.hostkey = new_sign_key(); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
575 |
795 | 576 for (i = 0; i < svr_opts.num_hostkey_files; i++) { |
577 char *hostkey_file = svr_opts.hostkey_files[i]; | |
578 loadhostkey(hostkey_file, 1); | |
579 m_free(hostkey_file); | |
580 } | |
581 | |
1532
3616ec41d03d
Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents:
1499
diff
changeset
|
582 /* Only load default host keys if a host key is not specified by the user */ |
3616ec41d03d
Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents:
1499
diff
changeset
|
583 if (svr_opts.num_hostkey_files == 0) { |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
584 #if DROPBEAR_RSA |
1532
3616ec41d03d
Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents:
1499
diff
changeset
|
585 loadhostkey(RSA_PRIV_FILENAME, 0); |
795 | 586 #endif |
587 | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
588 #if DROPBEAR_DSS |
1532
3616ec41d03d
Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents:
1499
diff
changeset
|
589 loadhostkey(DSS_PRIV_FILENAME, 0); |
795 | 590 #endif |
591 | |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
592 #if DROPBEAR_ECDSA |
1532
3616ec41d03d
Only load dropbear default host keys if a key is not specified
CamVan Nguyen <ctnguyen@us.ibm.com>
parents:
1499
diff
changeset
|
593 loadhostkey(ECDSA_PRIV_FILENAME, 0); |
795 | 594 #endif |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
595 #if DROPBEAR_ED25519 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
596 loadhostkey(ED25519_PRIV_FILENAME, 0); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
597 #endif |
1538
f20038b513a5
more linting (#58)
François Perrad <francois.perrad@gadz.org>
parents:
1537
diff
changeset
|
598 } |
795 | 599 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
600 #if DROPBEAR_RSA |
1603
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
601 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) { |
795 | 602 disablekey(DROPBEAR_SIGNKEY_RSA); |
876 | 603 } else { |
873
17b15683648d
Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
604 any_keys = 1; |
17b15683648d
Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
605 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
606 #endif |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
607 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
608 #if DROPBEAR_DSS |
1603
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
609 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->dsskey) { |
876 | 610 disablekey(DROPBEAR_SIGNKEY_DSS); |
611 } else { | |
873
17b15683648d
Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
612 any_keys = 1; |
17b15683648d
Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
613 } |
795 | 614 #endif |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
615 |
1603
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
616 #if DROPBEAR_ECDSA |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
617 /* We want to advertise a single ecdsa algorithm size. |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
618 - If there is a ecdsa hostkey at startup we choose that that size. |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
619 - If we generate at runtime we choose the default ecdsa size. |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
620 - Otherwise no ecdsa keys will be advertised */ |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
621 |
1603
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
622 /* check if any keys were loaded at startup */ |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
623 loaded_any_ecdsa = |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
624 0 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
625 #if DROPBEAR_ECC_256 |
1603
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
626 || svr_opts.hostkey->ecckey256 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
627 #endif |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
628 #if DROPBEAR_ECC_384 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
629 || svr_opts.hostkey->ecckey384 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
630 #endif |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
631 #if DROPBEAR_ECC_521 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
632 || svr_opts.hostkey->ecckey521 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
633 #endif |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
634 ; |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
635 any_keys |= loaded_any_ecdsa; |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
636 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
637 /* Or an ecdsa key could be generated at runtime */ |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
638 any_keys |= svr_opts.delay_hostkey; |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
639 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
640 /* At most one ecdsa key size will be left enabled */ |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
641 #if DROPBEAR_ECC_256 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
642 if (!svr_opts.hostkey->ecckey256 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
643 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 256 )) { |
795 | 644 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256); |
873
17b15683648d
Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
645 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
646 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
647 #if DROPBEAR_ECC_384 |
1603
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
648 if (!svr_opts.hostkey->ecckey384 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
649 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 384 )) { |
795 | 650 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384); |
873
17b15683648d
Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
651 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
652 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1290
diff
changeset
|
653 #if DROPBEAR_ECC_521 |
1603
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
654 if (!svr_opts.hostkey->ecckey521 |
0dc3103a5900
Only advertise a single server ecdsa key when -R (generate as required) is
Matt Johnston <matt@ucc.asn.au>
parents:
1557
diff
changeset
|
655 && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 521 )) { |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
656 disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521); |
873
17b15683648d
Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
657 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
658 #endif |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
659 #endif /* DROPBEAR_ECDSA */ |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
660 |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
661 #if DROPBEAR_ED25519 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
662 if (!svr_opts.delay_hostkey && !svr_opts.hostkey->ed25519key) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
663 disablekey(DROPBEAR_SIGNKEY_ED25519); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
664 } else { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
665 any_keys = 1; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
666 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
667 #endif |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
668 |
876 | 669 if (!any_keys) { |
1177 | 670 dropbear_exit("No hostkeys available. 'dropbear -R' may be useful or run dropbearkey."); |
873
17b15683648d
Exit if we don't have keys and -R wasn't specified
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
671 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
672 } |